Vulnerability Description
Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Monitor Pro | <= 7.6 |
| Schneider-Electric | Opc Factory Server | <= 3.34 |
| Schneider-Electric | Pl7 Pro | <= 4.5 |
| Schneider-Electric | Telemecanique Driver Pack | <= 2.6 |
| Schneider-Electric | Unity Pro | <= 6.0 |
| Schneider-Electric | Vijeo Citect | <= 7.20 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/46534Vendor Advisory
- http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelVendor Advisory
- http://www.securityfocus.com/bid/50319
- http://www.securitytracker.com/id?1026234
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdfUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70882
- http://secunia.com/advisories/46534Vendor Advisory
- http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelVendor Advisory
- http://www.securityfocus.com/bid/50319
- http://www.securitytracker.com/id?1026234
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdfUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70882
FAQ
What is CVE-2011-3330?
CVE-2011-3330 is a vulnerability with a CVSS score of 7.2 (HIGH). Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and...
How severe is CVE-2011-3330?
CVE-2011-3330 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3330?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Monitor Pro, Schneider-Electric Opc Factory Server, Schneider-Electric Pl7 Pro, Schneider-Electric Telemecanique Driver Pack, Schneider-Electric Unity Pro.